SFTP (Secure File Transfer Protocol) With Dropbear

Introduction

SFTP (SSH File Transfer Protocol, sometimes called Secure File Transfer Protocol) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with version 2 of the SSH protocol (TCP port 22) to provide secure file transfer, but is intended to be usable with other protocols as well.

SFTP is a secure form of the ftp command. Whenever a user opens a regular ftp session, or most other TCP/IP connections, the entire transmission between the host and the user is sent in plain text. Anyone who is able to snoop on the network packets can read the data, including the password information. If an unauthorized user can log in, they have the opportunity to compromise the system.

When using ssh's sftp instead of ftp, the entire login session, including transmission of the password, is encrypted. It is therefore much more difficult for an outsider to observe and collect passwords from a system using ssh/sftp sessions.

The following packet-capture screenshots show the difference between FTP and SFTP packets:

FTP Packet transmission

The highlighted area in the above screenshot of the FTP packet capture shows the user name and password in plain text.

SFTP Packet Transmission

The SFTP packet capture does not show any user name or password information.

Downloading Package

On Linux, the OpenSSH application can be used as an SFTP server or client. This application also contains an SSH server and client, but due to its high memory requirement we are not going to use it for the SSH server and client. Dropbear is a good lightweight alternative for the SSH server and client implementation. Dropbear doesn't have SFTP support of its own, but the sftp-server from openssh can be used with dropbear.

To download the openssh application, click here. For the latest version of dropbear, click here.

Configure Dropbear SSH server

The SFTP server can't work independently; it requires an SSH server (like dropbear) to run. Dropbear requires libz and libcrypto to run, so install them first (if they are not installed already). To install the dropbear SSH server, follow the steps given below.

This installs the dropbear SSH server. You can now create a softlink to dbclient named ssh. This is not mandatory; you can also use dbclient instead of the ssh command.

-bash-3.2# ln -s /usr/local/bin/dbclient /usr/bin/ssh

To start the dropbear SSH server, first create the dss and rsa keys (for the encryption of SSH packets) in the /etc/dropbear directory. The SSH server does not work without encryption, so it is mandatory to create the keys.

-bash-3.2# dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key

-bash-3.2# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

Now dropbear can be started simply with the following command.

-bash-3.2# dropbear

If the above was done properly, you can connect to your system via SSH.

Configure OpenSSH SFTP-server

We need only the sftp-server application from the OpenSSH package. To get sftp-server, compile openssh as follows.

-bash-3.2# tar -xvf openssh-5.2p1.tar.gz

-bash-3.2# cd openssh-5.2p1

-bash-3.2# ./configure

-bash-3.2# make sftp-server

This compiles only sftp-server from the openssh package. You can find the sftp-server binary in your current directory (the openssh package directory). Copy the sftp-server binary to the /usr/libexec directory.

-bash-3.2# cp sftp-server /usr/libexec/sftp-server

Sftp-server may require libz.so.1 or libz.so.2 (softlinks to the libz library file) and libcrypto.so.5 or libcrypto.so.6 (softlinks to the libcrypto library). You can check this by executing the sftp-server binary on your system; it will show an error if any required library or softlink is missing.
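A preflight check for the setup above, as an added example that is not part of the original article: it confirms sftp-server is installed at /usr/libexec/sftp-server, lists the libraries ldd reports as missing, and checks that both host keys exist and are not readable by group or others. The function names, the `--live` switch and the root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Preflight check for the dropbear + OpenSSH sftp-server setup in this article.
# Function names, the root prefix and --live are assumptions of this example.

# Read ldd output on stdin and print each library reported as "not found".
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Check the files the article installs. $1 is an optional root prefix
# (empty for the live system). Prints one line per problem and returns
# non-zero if any problem was found.
check_sftp_setup() {
    root=${1:-}
    rc=0
    bin="$root/usr/libexec/sftp-server"
    if [ ! -x "$bin" ]; then
        echo "MISSING: $bin is absent or not executable"
        rc=1
    fi
    for key in dropbear_dss_host_key dropbear_rsa_host_key; do
        f="$root/etc/dropbear/$key"
        if [ ! -s "$f" ]; then
            echo "MISSING: host key $f"
            rc=1
        # A private host key should be readable by its owner only.
        elif [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
            echo "WEAK PERMS: $f is readable by group or others"
            rc=1
        fi
    done
    return $rc
}

# Run against the live system only when invoked as: sh preflight.sh --live
# (ldd is used here on the sftp-server binary built in the steps above).
if [ "${1:-}" = "--live" ]; then
    check_sftp_setup ""
    ldd /usr/libexec/sftp-server 2>&1 | missing_libs
fi
```

Any library name printed by `missing_libs` is one of the libz or libcrypto softlinks that still has to be created before an SFTP session can start.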

Doesn’t seem to work, when I run sftp-server, it runs (using top), but I’m unable to connect via sFTP. Since there’s no other guide on the internet about this, would you mind updating (or checking that this method still works)?

I run dropbear on CentOS; the setup is simpler.
I will write it here for those who use dropbear on low end VPS like me.
– Suppose you already have SSH.
– You just install Dropbear with yum (not sure which repo.)
yum install dropbear
– Select dropbear to run at startup using chkconfig. In my case:
chkconfig sshd off
chkconfig dropbear on
(This will not take effect until next reboot)
– Generate dropbear dss & rsa keys like in the article above.
– To use sftp you just have to create a link like this
ln -s /usr/libexec/openssh/sftp-server /usr/libexec/sftp-server
– reboot